User account and security

Posted: 10-02-2008, 10:51 PM
On Vista, in order for a system to see another machine's share, it asks for
the user's credentials. I know this can be tuned off using Password
protection for shares. However, regardless, if both the systems have the same
user account with the same password (not necessarily logged in as that user
but just if they have it), then things become very simple and the other user
can see and open the shares.

So here is the question: I am thinking of automatically creating a user
account with a GUID like password on these systems using standard Win32
API's. However, I am afraid that by creating user accounts automatically
(albeit with a GUID like password), I maybe opening up the user system
inadvertently to some security risk beyond what I am trying to achieve.

Does anyone have an opinion on this or see any major issues in doing this?

Thanks.

User account and security


Responses to "User account and security"

Paul Montgumdrop
Guest
Posts: n/a
 
Re: User account and security
Posted: 10-03-2008, 10:31 AM
Al wrote:
> On Vista, in order for a system to see another machine's share, it asks for
> the user's credentials. I know this can be tuned off using Password
> protection for shares. However, regardless, if both the systems have the same
> user account with the same password (not necessarily logged in as that user
> but just if they have it), then things become very simple and the other user
> can see and open the shares.
>
> So here is the question: I am thinking of automatically creating a user
> account with a GUID like password on these systems using standard Win32
> API's. However, I am afraid that by creating user accounts automatically
> (albeit with a GUID like password), I maybe opening up the user system
> inadvertently to some security risk beyond what I am trying to achieve.
>
> Does anyone have an opinion on this or see any major issues in doing this?
>
> Thanks.
>
This is my outlook on what user account group to use on file share.

<http://windowsitpro.com/article/articleid/23581/should-you-use-the-authenticated-users-group.html>

It works on a p2p level as well for anyone like a remote user or a
local user that is using a valid user account on the machine that is
hosting the file share.

For me, I delete all accounts of the folder of the file share, and I
also delete all accounts of the Share's permissions, leaving only the
Authenticated users group and set permissions for the group on the
folder and the share.

Authenticated users group tightens security on the file share, so that
only authenticated users can access the share with an existing user
account on the file share hosting machine.
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Local Vista User Account using Domain Security Pol? Noob Windows Vista Security 4 04-01-2008 01:35 PM
User Account Control, Security CJ Rom Windows Vista Security 25 11-21-2007 06:49 PM
can't figure out correct way to set security on user account e_rotic@hotmail.com Windows XP Security & Administration 0 09-06-2003 12:28 PM
XP User Account Security Jeremy Windows XP Security & Administration 1 09-04-2003 05:23 AM
Help on XP User Account and Security Peter Windows XP Security & Administration 0 08-20-2003 10:15 AM